Football’s international governing body FIFA is coming under investigation from the Information Commissioner’s Office (ICO), as a result of recent claims that it lost personal information relating to many people who bought tickets for the 2006 World Cup.
Recent reports suggest that a member of FIFA staff illicitly accessed vast amounts of data and then sold the valuable information on to unknown buyers. Of the possible 35,000 people that are claimed to have been affected by this incident, many will have had their passport details exposed, according to current allegations.
The ICO has refuted the claims that many tens of thousands of people have been affected and it told Computer Weekly that the figure was closer to 7000, although even this is still a significant number. It did confirm that passport details, names and birth dates were amongst the stolen data.
Security expert Amichai Shulman said that FIFA’s data handling policies would be brought into disrepute if this incident was as serious as it seems to be from initial suggestions.
Mr Shulman said that this was symptomatic of the current data protection culture, which points all the defences outwards and ignores the risks from within.
Mr Shulman argues that FIFA should have made it difficult for employees to access data relating to fans, or at least monitored who was accessing this type of information, to quickly plug any leaks that occur or to deter potential defectors from stealing data in this callous manner.
It has been made clear that no hack was involved in this security breach and that the employee simply abused privileged access to data for personal gain at the expense of the integrity of the organisation as a whole.
Observers have been seriously concerned by the fact that FIFA held onto data four years after the World Cup in question had concluded, because it implies FIFA is failing at a very basic level to protect and manage the data for which it is responsible.
Many hope that businesses and organisations will take FIFA’s data loss slip-up as another example of how improper controls and data handling policies can leave customers exposed and a company’s reputation sullied.